Some of us were talking on another forum and discussing the saturation of Kazaa with deliberately altered MP3 files. Several there even analyzed altered MP3's as they had some doubts about this and wanted to see for themselves. Anyway one of the group found this and posted it to his website, it is a patent application for and describing how to seed altered files to P2P applications to prevent the distribution of illegal music files.

You can get a copy of this application at his website, the link is HERE WWW.HEADBANDS.COM (http://www.headbands.com/pdf/US-2002-0082999-A1.pdf.rar)

So I wonder why and what the significance is of applying for this patent.

Sharman should get Involved...
http://www.klboard.ath.cx/index.php?act=ST...t=0#entry455246 (http://www.klboard.ath.cx/index.php?act=ST&f=13&t=62541&st=0#entry455246).

I'm trying to understand this. Does the hash stay the same when you garble parts of the file ????
If the hash stays the same, this trick might well put KaZaA out of business until extra CRC checks are added. :(

Otherwise its just annoying.

If this is users ( so called users) intercepting the files for the sole purpose of damaging them, then mischief charges should be applicable at the very least.
If this is a service provider or ISP getting involved in damaging ANY data transferred over it's network, then a full scale investigation and consumer uprising is in order.
They have no right to assume any thing. It may well be that I am transferring MY music files from one residence to another using the simplest program available. Or any program for that matter. It is None of their business untill a specific complaint of abuse is recieved. Not generalisations, Specifics.

Downloading this to have a look at it. Of cource they have no right intercepting file transfers. EVIDENCE

If this is users ( so called users) intercepting the files for the sole purpose of damaging them, then mischief charges should be applicable at the very least.
If this is a service provider or ISP getting involved in damaging ANY data transferred over it's network, then a full scale investigation and consumer uprising is in order.
They have no right to assume any thing. It may well be that I am transferring MY music files from one residence to another using the simplest program available. Or any program for that matter. It is None of their business untill a specific complaint of abuse is recieved. Not generalisations, Specifics.

Yes! Well said!! :D
No-one should be allowed to damage a file.

Originally posted by Aimless6@21 August 2003 - 12:26
I'm trying to understand this. Does the hash stay the same when you garble parts of the file ????
If the hash stays the same, this trick might well put KaZaA out of business until extra CRC checks are added. :(

Otherwise its just annoying.
The hash has nothing to do with it. Kazaa onlys check file names and sizes when cueing up files for multisource downloading, so if someone make a "Bad" file of the same size and name Kazaa will put that into the mix of source downloads and you will get parts of that bad file.

You can read about it HERE Secunia.com (https://testzone.secunia.com/advisories/8231/)

Originally posted by Hdestm8r@21 August 2003 - 14:04
The hash has nothing to do with it. Kazaa onlys check file names and sizes when cueing up files for multisource downloading, so if someone make a "Bad" file of the same size and name Kazaa will put that into the mix of source downloads and you will get parts of that bad file.
That's f****n' ugly!!! :x

@balamm

Intercepting ??? I didn't see anything about that in the patent. I only see flouding the p2p networks with downgraded mp3's, that have the same name and bandwith as the original version. In the hope that we stop trying to download the original, or even dash to the shop to buy the CD for $25. Of course the latter will not happen.

@Hdestm8r

Thats even worse than I feared.

I sure hope we get a fix soon.

btw.
Writing a virus is illegal in most countries isn't it ? Then whats the punishment for using this perticular exploit ? Fines, jailtime or (chemical) castration ?

Originally posted by Hdestm8r@21 August 2003 - 08:04
The hash has nothing to do with it. Kazaa onlys check file names and sizes when cueing up files for multisource downloading, so if someone make a "Bad" file of the same size and name Kazaa will put that into the mix of source downloads and you will get parts of that bad file.

You can read about it HERE Secunia.com (https://testzone.secunia.com/advisories/8231/)
I think Kazaa hashes the first MB or so of the file for purposes of seeing which files are same/different.

I've seen identical-sized, identically named files show up in searches that DON'T go together as the same multi-sourced file. This is indirect proof that there is at least some partial hash scheme at work.

Then again, I saw different sized mp3 files go in the same multi source thing.
Kazaa works in mysterious ways sometimes. :)

Originally posted by Hdestm8r@21 August 2003 - 14:04
The hash has nothing to do with it. Kazaa onlys check file names and sizes when cueing up files for multisource downloading, so if someone make a "Bad" file of the same size and name Kazaa will put that into the mix of source downloads and you will get parts of that bad file.

You can read about it HERE Secunia.com (https://testzone.secunia.com/advisories/8231/)
I was always under the impression that if the file was altered, then the Hash was as well.
Although I read the article you linked to and am wondering about the validity of the source...

Description:
A vulnerability in Kazaa could be exploited by malicious people to corrupt the files other users download.

The vulnerability is caused by Kazaa only checking file name and size, when categorizing files for simultaneous downloads from multiple locations. A malicious person could therefore download a file and corrupt it by deleting the content by replacing it with NULL bytes or other arbitrary values with a hex editor keeping the same filename and file size. If another user downloaded part of the file as part of a simultaneous download from multiple locations, the file would be corrupted.

People with an interest in terrorising the Kazaa network would be able to exploit this vulnerability by registering multiple accounts and make many fake files with popular names available.

The users most affected by this vulnerability are those, who are using modems, ISDN or has other solutions, where they pay for the time online or amount of data downloaded.

Solution:
Only download legal files from trusted sources.
Seems a very simplified article to conclue to a very simple Solution...
I seriously find this hard to believe as it contradicts earlier common statements.

Originally posted by Switeck+21 August 2003 - 19:19--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (Switeck &#064; 21 August 2003 - 19:19)</td></tr><tr><td id='QUOTE'> <!--QuoteBegin-Hdestm8r@21 August 2003 - 08:04
The hash has nothing to do with it. Kazaa onlys check file names and sizes when cueing up files for multisource downloading, so if someone make a "Bad" file of the same size and name Kazaa will put that into the mix of source downloads and you will get parts of that bad file.

You can read about it HERE Secunia.com (https://testzone.secunia.com/advisories/8231/)
I think Kazaa hashes the first MB or so of the file for purposes of seeing which files are same/different.

I&#39;ve seen identical-sized, identically named files show up in searches that DON&#39;T go together as the same multi-sourced file. This is indirect proof that there is at least some partial hash scheme at work. [/b][/quote]
This may help you. This analysis was done by the same person who found the "Patent Application" when he looked at the bad MP3&#39;s himself.

****** "But back to the files: besides all the frame headers being suspiciously intact, as (name removed) mentioned, in five cases out of six, the corruption starts at the exact same point: 4b000 hex (i.e exactly 307,200 bytes into the file). I&#39;d have to say it does indeed appear they are being methodically corrupted in a pre-meditated manner by someone." ******

So Kazaa could hash some of the first part and assume that the file is genuine and include it in the mix.

By the same token though I have seen differently named files lumped together as being the same file.

I think what is being concluded here is that Kazaa does not check the full hash of the file. It just loosely checks the file for size conformity. I guess that is why I posted this was to find the real truth behind these deliberately seeded bad files and why Kazaa allows good files to coexist with bad files and how that patent could work with Kazaa. I don&#39;t know enough about Kazaa to actually make a definitive statement either way. I know of others who have the same question as we had 3 pages of discussion in the other forum on this topic.

Edit: I made a mistake and said MD5 when I meant the full hash

Kazaa hashes only the first piece of a files. I think it was only the first 300 KB.

Originally posted by Paul@21 August 2003 - 20:50
Kazaa hashes only the first piece of a files. I think it was only the first 300 KB.
Well then if the corruption starts as stated and verified above at 307,200 bytes then Kazaa would think it is a genuine file so that would be how this could really be done

Originally posted by Hdestm8r@21 August 2003 - 20:24
****** "But back to the files: besides all the frame headers being suspiciously intact, as (name removed) mentioned, in five cases out of six, the corruption starts at the exact same point: 4b000 hex (i.e exactly 307,200 bytes into the file). I&#39;d have to say it does indeed appear they are being methodically corrupted in a pre-meditated manner by someone." ******
Yuk...
Just beyond the 300K.
Meanwhile Sharman Networks...
Sits on their ASS like a beat RAT.
http://www.klboard.ath.cx/index.php?act=ST...t=0#entry455246 (http://www.klboard.ath.cx/index.php?act=ST&f=13&t=62541&st=0#entry455246)
I&#39;ve yet to hear a reply and don&#39;t really expect one.
I&#39;ve come to think they just don&#39;t care anymore.

Sharman Networks don&#39;t care about anything as long as they get money from ads. I even reported the serious fasttrack vulnerability to them (and Joltid) but neither replied. They should be lucky I don&#39;t work for the enemy.

And that Secunia DoS exploit has been known for years. Shouldn&#39;t even have been posted there at all. It was some idiot working for the original Kazaa company that decided they should only hash the first 300K of the file. He&#39;s probably killed himself now, seeing as how much fake mp3s there are on the network with correct sigs thanks to him. Maybe he&#39;s working for the RIAA now? :D

Originally posted by random nut@23 August 2003 - 03:07
Sharman Networks don&#39;t care about anything as long as they get money from ads. I even reported the serious fasttrack vulnerability to them (and Joltid) but neither replied. They should be lucky I don&#39;t work for the enemy.
As I stated in another post...

Seems to me those dimwits are kinda sittin&#39; on their asses wathing the villagers go on a witch hunt while they merely stand by, not realising they are the witch about to baked and tossed into the river.

Perhaps they are content with their new point system they have f**ked into KMD 2.5, or maybe they intend to lay down like a beat rat awaiting defeat, perhaps they are ready to retire with all the the riches they have made as well.

How do you watch greatness shrivell to shit when it is your own?

I just find their stance almost as pathetic as those attacking them.
Will they care about being Belly Up.

This is heavy shit man&#33; This can be done with any kind of file i guess, so were bound to see f**ked up divx also.

I know Shareaza uses the entire file to calculate the hash. Does anyone knows how WinMX or Piolet do this?

Looks like bye bye Kazaa for me. :(

Aw that fucking fullshit about flooding Fasttrack with fake files deserves no patent. :swear: That is just a collection of dirty tricks not an invenction.

A few days ago I was downloading the latest album from The Black Eyed Peas, by searching for it on K-Lite.
I downloaded only the files that had the most users/sources.
I assumed they were working and didn&#39;t test them, so I burned them on a CD with Nero 6
When I played the disc on my CD-player, all the tracks were the same&#33;&#33;.
Really weird. Someone made one audio file containing 15 seconds of "Where&#39;s the love" and made it loop.
But they had different filenames and sizes.

When I read this topic I recognized this experience.
So if you continue think about what you said here (http://www.klboardlite.ath.cx/bb/read.php?f=2&i=15625&t=15625) and make it happen, K-Lite will then no longer find/download fake files.

Good luck&#33;

Originally posted by SlimShady@4 September 2003 - 12:30
When I read this topic I recognized this experience.
So if you continue think about what you said here (http://www.klboardlite.ath.cx/bb/read.php?f=2&i=15625&t=15625) and make it happen, K-Lite will then no longer find/download fake files.
Link is down, explain if you could. Perhaps you&#39;re reffering to Paul&#39;s post on the IP&#39;s that are serving the edited files or...

As for different files types possibly being affected, well its already happened.

As I see it only Sharman can truly fix this.

I meant the topic named:
"There is a way to overcome the Kazaa Hash Limitation"

Originally posted by SlimShady@7 September 2003 - 15:39
I meant the topic named:
"There is a way to overcome the Kazaa Hash Limitation"
Which was how...

Truth be told perhaps Sharman even leaked the method to this madness themselves, as it actually fowards their "business model" since nobody will attack the Altnet type DRM files, or pehaps SOMEONE should (wouldn&#39;t that be irony).